lpouwelse / magento-2-cors-requests

lpouwelse/magento-2-cors-requests

Enabling cross-origin resource sharing (CORS) requests to Magento 2 API from configured Origin domain

magento2-module Compatibility: Not yet tested Code Quality: Warning Tests: N/A Security: Pass OSL-3.0, AFL-3.0

Get this package

Free

Install

Add the repository once:

composer config repositories.packagento composer https://packagento.com/

Then require:

composer require lpouwelse/magento-2-cors-requests:^100.0.7

Details

Latest version: 100.0.7
Released: 2022-10-18 04:41:55
Downloads: 0
License: OSL-3.0, AFL-3.0
Homepage: https://github.com/splashlab/magento-2-cors-requests
Repository: https://github.com/splashlab/magento-2-cors-requests
Issues: https://github.com/splashlab/magento-2-cors-requests/issues

Own this package?

Are you the maintainer? Create an account and link the source repository to claim this package and register a webhook so new versions publish automatically.

Claim this Package

Report this package

Seeing license violations, malicious code, IP infringement, or spam? Let our moderation team know.

Readme

Magento 2 CORS Cross-Domain Requests by SplashLab

This module allows you to enable Cross-Origin Resource Sharing (CORS) REST API requests in Magento 2 by adding the appropriate HTTP headers and handling the pre-flight OPTIONS requests.

This can be used to allow AJAX and other requests to the Magento 2 REST API from another domain (or subdomain).

How to install

1. via composer

Edit composer.json

{
    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/splashlab/magento-2-cors-requests"
        }
    ],
    "require": {
        "splashlab/magento-2-cors-requests": "dev-master"
    }
}

composer install
php bin/magento setup:upgrade
php bin/magento setup:static-content:deploy

2. Copy and paste

Download latest version from GitHub

Paste into app/code/SplashLab/CorsRequests directory

php bin/magento setup:upgrade
php bin/magento setup:static-content:deploy

3. Update Origin URL

In Stores -> Configuration, go to General -> Web -> CORS Requests Configuration.

Then edit the the CORS Origin Url field to the domain you want to enable cross-domain requests from. (i.e. http://example.com)

How does it work?

The full implementation of CORS cross-domain HTTP requests is outside the scope of this README, but this is what this module does:

Allows onfigureing an Origin Url in the Admin Configuration area - this is the domain which cross-domain requests are permitted from
This domain is added to a Access-Control-Allow-Origin response HTTP header
Optionally you can enable the Access-Control-Allow-Credentials header as well, to enable passing cookies

For non-GET and non-standard-POST requests (i.e. PUT and DELETE), the "pre-flight check" OPTIONS request is handled by:

An empty /V1/cors/check API response with the appropriate headers:
Access-Control-Allow-Methods response header, which mirrors the Access-Control-Request-Method request header
Access-Control-Allow-Headers response header, which mirrors the Access-Control-Request-Headers request header

Alternative Solutions

You can also manage these CORS headers with Apache and Nginx rules, instead of using this extension:

But I created this extension to allow you to configure the Origin domain the Admin Configuration, and to avoid having to create and manage special server configuration.

CORS Cross-Domain Request References

Changelog

No changelog yet

The vendor hasn't published a changelog. Tagged releases appear in the Versions tab.

Versions 5

Versions
Version	Stability	QA Status	Compatibility	Released
100.0.7	stable	Pass	Not yet tested Details	2022-10-18 04:41:55
100.0.6	stable	Not tested	Not yet tested Details	2021-02-08 22:20:41
100.0.4	stable	Not tested	Not yet tested Details	2020-02-24 18:46:33
100.0.3	stable	Not tested	Not yet tested Details	2019-04-16 22:15:02
100.0.2	stable	Not tested	Not yet tested Details	2018-09-11 17:26:36

Dependencies 2

Requires 2

Package	Constraint
magento/framework	*
php	~7.1.3\|\|~7.2.0\|\|~7.3.0\|\|~7.4.0\|\|~8.1.0

Quality 12

Compatibility

Each Magento release line is installed on its supported PHP versions, then the module is built (DI compilation + static-content deploy) and its unit and integration suites are run. The matrix shows the lines and PHP versions the module is confirmed to install and run on. Code-quality results further down (phpstan, phpcs, …) are reported separately and never affect compatibility.

Compatibility matrix (Magento × PHP)
Magento	PHP 8.2	PHP 8.3	PHP 8.4	PHP 8.5
2.4.7	not tested	not tested
2.4.8		not tested	not tested
2.4.9			not tested	not tested

Code Quality

Advisory checks against the module's source. Static analysis runs once across the whole module; PHPStan re-runs per Magento + PHP version because resolvable symbols differ between releases. These NEVER affect the Compatibility badge — a phpcs finding can't make a module incompatible.

Static analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

Static analysis results
Tool	Status	Findings	Summary
PHPCS	Warning	40	40 warnings (ruleset: Magento2) — 33 auto-fixable with phpcbf
PHPMD	Warning	2	2 rule violations (IfStatementAssignment:1, UnusedFormalParameter:1)
Cpd	Pass	0
Composer validate	Info	2	valid; 2 advisory notes (composer validate --strict)

PHPStan

Type-checks the module's PHP against a real Magento install at the configured gate level. Re-runs per Magento and PHP version because resolvable symbols differ between releases. Cell → details modal.

PHPStan results by Magento and PHP version
Magento	PHP 8.2	PHP 8.3	PHP 8.4	PHP 8.5
2.4.7	N/A	N/A
2.4.8		N/A	N/A
2.4.9			N/A	N/A

Tests

Unit and integration suites, run for each applicable Magento and PHP version. A test failure speaks to the module's behaviour, not its compatibility with a Magento line, so it is reported here separately and never reddens the compatibility matrix.

Unit tests

Unit tests results by Magento and PHP version
Magento	PHP 8.2	PHP 8.3	PHP 8.4	PHP 8.5
2.4.7	N/A	N/A
2.4.8		N/A	N/A
2.4.9			N/A	N/A

Integration tests

Integration tests results by Magento and PHP version
Magento	PHP 8.2	PHP 8.3	PHP 8.4	PHP 8.5
2.4.7	N/A	N/A
2.4.8		N/A	N/A
2.4.9			N/A	N/A

Security

Security checks run directly against the module: an audit of its declared dependencies for known vulnerabilities (composer audit) and a scan of its source for malware and web-shell signatures. Each runs once. A malware detection fails the version outright.

Security results
Tool	Status	Findings	Summary
Composer audit	Pass	0
Malware scan	Pass	0

License

License: OSL-3.0, AFL-3.0
Homepage: https://github.com/splashlab/magento-2-cors-requests

Make it pay

Turn an existing module into recurring revenue.

If you already maintain a Magento 2 module on GitHub or GitLab, listing it on Packagento takes about five minutes. We mirror your tags, handle distribution signing, and route paid licenses through Stripe Connect, so you can keep shipping the way you already do.

List your module